CVE-2000-1117
First published: Tue Jan 09 2001(Updated: )
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Notes | =r5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2000-1117?
The severity of CVE-2000-1117 is classified as medium due to its potential for file existence disclosure.
How do I fix CVE-2000-1117?
To fix CVE-2000-1117, upgrading to a newer version of Lotus Notes that does not utilize the affected Extended Control List feature is recommended.
What systems are affected by CVE-2000-1117?
CVE-2000-1117 specifically affects IBM Lotus Notes version R5.
What type of vulnerability is CVE-2000-1117?
CVE-2000-1117 is a file disclosure vulnerability that allows remote attackers to determine file existence.
Can CVE-2000-1117 be exploited remotely?
Yes, CVE-2000-1117 can be exploited remotely by malicious website operators through the Java Virtual Machine.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/author
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/ibm
- canonical/ibm notes
- version/ibm notes/r5